Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Changelog

User-visible changes to ScaiKey. Latest first.

2026-05-17 — Public documentation launch#

First public version of these docs covering the platform's identity model, OAuth/OIDC surface, admin API, and webhook contracts. The product itself has been in production for some time — this is the documentation catching up.

If you find a gap or an inaccuracy, ping the ScaiKey team.

Earlier#

Pre-launch changes are tracked in the internal changelog. Notable platform-visible items that pre-date this doc site:

  • Platform-level OIDC end_session endpoint for GLOBAL apps without a tenant slug — see Reference → OAuth endpoints.
  • RFC 8693 Token Exchange active on the platform, per-target opt-in via the application's token_exchange_allowed flag.
  • sub claim on client_credentials JWTs now set to the client_id (also exposed as token_type: "client_credentials" for consumers that key off it).
  • Webhook signature format: HMAC-SHA256 over "{timestamp}.{compact-sorted-json-body}", delivered in X-ScaiKey-Signature: t=...,v1=... — see Reference → Webhooks.
Updated 2026-05-17 12:20:36 View source (.md) rev 1